CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2017-2802
https://notcve.org/view.php?id=CVE-2017-2802
An exploitable dll hijacking vulnerability exists in the poaService.exe service component of the Dell Precision Optimizer software version 3.5.5.0. A specifically named malicious dll file located in one of directories pointed to by the PATH environment variable will lead to privilege escalation. An attacker with local access to vulnerable system can exploit this vulnerability. Existe una vulnerabilidad explotable de secuestro de DLL en el componente del servicio poaService.exe del software Dell Precision Optimizer 3.5.5.0. Un archivo DLL malicioso nombrado de forma específica ubicado en uno de los directorios a los que señala la variable del entorno PATH conducirá a un escalado de privilegios. • http://www.securityfocus.com/bid/99360 https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0247 • CWE-426: Untrusted Search Path •